Analysis
-
max time kernel
178s -
max time network
195s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
23-11-2022 16:59
General
-
Target
0257f371db74f30e746dd7e02dd3ad52860067751e80d4db5939ad1a8ee4f20d.exe
-
Size
72KB
-
MD5
068463d8b992f8c9cd80e4fced43af79
-
SHA1
bb634245af2a8bad9248feed7b168d02b523e747
-
SHA256
0257f371db74f30e746dd7e02dd3ad52860067751e80d4db5939ad1a8ee4f20d
-
SHA512
7bb5ec82dce8aa5083307c3f1255baf30e11ebd5d0c6d6ed4b837dc06a4b2a5b7b2a75d5ac105779b7109e4049d3c88de207166916d2d44fba1629fb90eaba31
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2I:ipQNwC3BEddsEqOt/hyJF+x3BEJwRr0
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 12 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0257f371db74f30e746dd7e02dd3ad52860067751e80d4db5939ad1a8ee4f20d.exe"C:\Users\Admin\AppData\Local\Temp\0257f371db74f30e746dd7e02dd3ad52860067751e80d4db5939ad1a8ee4f20d.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\1928051653\backup.exeC:\Users\Admin\AppData\Local\Temp\1928051653\backup.exe C:\Users\Admin\AppData\Local\Temp\1928051653\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\odt\backup.exeC:\odt\backup.exe C:\odt\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\PerfLogs\update.exeC:\PerfLogs\update.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\update.exe"C:\Program Files\7-Zip\update.exe" C:\Program Files\7-Zip\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\data.exe"C:\Program Files\Common Files\data.exe" C:\Program Files\Common Files\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\DESIGNER\backup.exe"C:\Program Files\Common Files\DESIGNER\backup.exe" C:\Program Files\Common Files\DESIGNER\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\backup.exe"C:\Program Files\Common Files\microsoft shared\backup.exe" C:\Program Files\Common Files\microsoft shared\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe"C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\el-GR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-GB\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\es-ES\update.exe"C:\Program Files\Common Files\microsoft shared\ink\es-ES\update.exe" C:\Program Files\Common Files\microsoft shared\ink\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-MX\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\et-EE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fi-FI\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-CA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-FR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\9⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\9⤵
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\9⤵
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\data.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\data.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\9⤵
-
C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\he-IL\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\hr-HR\System Restore.exe"C:\Program Files\Common Files\microsoft shared\ink\hr-HR\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\hr-HR\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hu-HU\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\it-IT\8⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ja-JP\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\ko-KR\data.exe"C:\Program Files\Common Files\microsoft shared\ink\ko-KR\data.exe" C:\Program Files\Common Files\microsoft shared\ink\ko-KR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\lt-LT\data.exe"C:\Program Files\Common Files\microsoft shared\ink\lt-LT\data.exe" C:\Program Files\Common Files\microsoft shared\ink\lt-LT\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lv-LV\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\nb-NO\8⤵
-
C:\Program Files\Common Files\microsoft shared\MSInfo\update.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\update.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\8⤵
-
C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\8⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\update.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\update.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
-
C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files\Common Files\microsoft shared\Source Engine\7⤵
-
C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe"C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files\Common Files\microsoft shared\Stationery\7⤵
-
C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\en-US\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\7⤵
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- System policy modification
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Executes dropped EXE
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\10⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\11⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
- Disables RegEdit via registry modification
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
- System policy modification
-
C:\Program Files\Internet Explorer\es-ES\System Restore.exe"C:\Program Files\Internet Explorer\es-ES\System Restore.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
- System policy modification
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
-
C:\Program Files\Internet Explorer\ja-JP\backup.exe"C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\backup.exe"C:\Program Files\Java\jdk1.8.0_66\backup.exe" C:\Program Files\Java\jdk1.8.0_66\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\include\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\7⤵
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\8⤵
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\7⤵
-
C:\Program Files\Java\jre1.8.0_66\backup.exe"C:\Program Files\Java\jre1.8.0_66\backup.exe" C:\Program Files\Java\jre1.8.0_66\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jre1.8.0_66\bin\data.exe"C:\Program Files\Java\jre1.8.0_66\bin\data.exe" C:\Program Files\Java\jre1.8.0_66\bin\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\Office16\backup.exe"C:\Program Files\Microsoft Office\Office16\backup.exe" C:\Program Files\Microsoft Office\Office16\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Microsoft Office\PackageManifests\data.exe"C:\Program Files\Microsoft Office\PackageManifests\data.exe" C:\Program Files\Microsoft Office\PackageManifests\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Microsoft Office\root\backup.exe"C:\Program Files\Microsoft Office\root\backup.exe" C:\Program Files\Microsoft Office\root\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Microsoft Office\root\Client\System Restore.exe"C:\Program Files\Microsoft Office\root\Client\System Restore.exe" C:\Program Files\Microsoft Office\root\Client\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\7⤵
- System policy modification
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Microsoft Office\Updates\backup.exe"C:\Program Files\Microsoft Office\Updates\backup.exe" C:\Program Files\Microsoft Office\Updates\6⤵
- System policy modification
-
C:\Program Files\Microsoft Office\Updates\Apply\backup.exe"C:\Program Files\Microsoft Office\Updates\Apply\backup.exe" C:\Program Files\Microsoft Office\Updates\Apply\7⤵
- System policy modification
-
C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\backup.exe"C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\backup.exe" C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Microsoft Office 15\backup.exe"C:\Program Files\Microsoft Office 15\backup.exe" C:\Program Files\Microsoft Office 15\5⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office 15\ClientX64\backup.exe"C:\Program Files\Microsoft Office 15\ClientX64\backup.exe" C:\Program Files\Microsoft Office 15\ClientX64\6⤵
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\9⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\8⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\10⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\10⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\10⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\10⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\11⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\data.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\data.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\9⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Java\backup.exe"C:\Program Files (x86)\Common Files\Java\backup.exe" C:\Program Files (x86)\Common Files\Java\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe"C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe" C:\Program Files (x86)\Common Files\Java\Java Update\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Microsoft Shared\data.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\data.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\6⤵
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
- System policy modification
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe"C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.71\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Google\Update\Download\backup.exe"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\7⤵
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Google\Update\Install\backup.exe"C:\Program Files (x86)\Google\Update\Install\backup.exe" C:\Program Files (x86)\Google\Update\Install\7⤵
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
-
C:\Program Files (x86)\Internet Explorer\en-US\update.exe"C:\Program Files (x86)\Internet Explorer\en-US\update.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
-
C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe"C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe" C:\Program Files (x86)\Internet Explorer\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe" C:\Program Files (x86)\Internet Explorer\fr-FR\6⤵
-
C:\Program Files (x86)\Internet Explorer\images\backup.exe"C:\Program Files (x86)\Internet Explorer\images\backup.exe" C:\Program Files (x86)\Internet Explorer\images\6⤵
-
C:\Program Files (x86)\Internet Explorer\it-IT\System Restore.exe"C:\Program Files (x86)\Internet Explorer\it-IT\System Restore.exe" C:\Program Files (x86)\Internet Explorer\it-IT\6⤵
-
C:\Program Files (x86)\Microsoft\backup.exe"C:\Program Files (x86)\Microsoft\backup.exe" C:\Program Files (x86)\Microsoft\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\backup.exe"C:\Program Files (x86)\Microsoft\Edge\backup.exe" C:\Program Files (x86)\Microsoft\Edge\6⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\7⤵
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
-
C:\Users\Admin\data.exeC:\Users\Admin\data.exe C:\Users\Admin\5⤵
- Disables RegEdit via registry modification
-
C:\Users\Admin\3D Objects\update.exe"C:\Users\Admin\3D Objects\update.exe" C:\Users\Admin\3D Objects\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Users\Admin\Contacts\System Restore.exe"C:\Users\Admin\Contacts\System Restore.exe" C:\Users\Admin\Contacts\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
- Disables RegEdit via registry modification
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
C:\Users\Public\System Restore.exe"C:\Users\Public\System Restore.exe" C:\Users\Public\5⤵
- System policy modification
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
- Disables RegEdit via registry modification
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\appcompat\data.exeC:\Windows\appcompat\data.exe C:\Windows\appcompat\5⤵
- Drops file in Windows directory
-
C:\Windows\appcompat\appraiser\backup.exeC:\Windows\appcompat\appraiser\backup.exe C:\Windows\appcompat\appraiser\6⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\appcompat\appraiser\Telemetry\backup.exeC:\Windows\appcompat\appraiser\Telemetry\backup.exe C:\Windows\appcompat\appraiser\Telemetry\7⤵
- System policy modification
-
C:\Windows\appcompat\encapsulation\backup.exeC:\Windows\appcompat\encapsulation\backup.exe C:\Windows\appcompat\encapsulation\6⤵
- System policy modification
-
C:\Windows\appcompat\Programs\backup.exeC:\Windows\appcompat\Programs\backup.exe C:\Windows\appcompat\Programs\6⤵
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Windows\apppatch\backup.exeC:\Windows\apppatch\backup.exe C:\Windows\apppatch\5⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\apppatch\AppPatch64\backup.exeC:\Windows\apppatch\AppPatch64\backup.exe C:\Windows\apppatch\AppPatch64\6⤵
-
C:\Windows\apppatch\Custom\backup.exeC:\Windows\apppatch\Custom\backup.exe C:\Windows\apppatch\Custom\6⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\apppatch\Custom\Custom64\backup.exeC:\Windows\apppatch\Custom\Custom64\backup.exe C:\Windows\apppatch\Custom\Custom64\7⤵
-
C:\Windows\AppReadiness\backup.exeC:\Windows\AppReadiness\backup.exe C:\Windows\AppReadiness\5⤵
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\acrocef_low\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\acrocef_low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\1⤵
-
C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\bin\1⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\ARM\data.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\data.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1⤵
-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\2⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\1⤵
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\1⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\1⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\db\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\1⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\bin\2⤵
-
C:\Program Files\Java\jdk1.8.0_66\db\lib\data.exe"C:\Program Files\Java\jdk1.8.0_66\db\lib\data.exe" C:\Program Files\Java\jdk1.8.0_66\db\lib\2⤵
-
C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\PerfLogs\update.exeFilesize
72KB
MD5515e73e88cb8f8b4b9c4a814b90d888e
SHA1027bfc9de89cc3c43a18f3deade62e608e01bf59
SHA256be8c8715b900d43db1da4d3724c3a4ba370d6778336650c0f15a6a62187c053d
SHA5129a3fa0bbed537b56ef9c4653f79457cea63fab0693577c7ef4e7b612e13a0a0331a2d9a4ce9054a10cc2ced1e1bfec1425e5930540cab6a40cc9fbd531619994
-
C:\PerfLogs\update.exeFilesize
72KB
MD5515e73e88cb8f8b4b9c4a814b90d888e
SHA1027bfc9de89cc3c43a18f3deade62e608e01bf59
SHA256be8c8715b900d43db1da4d3724c3a4ba370d6778336650c0f15a6a62187c053d
SHA5129a3fa0bbed537b56ef9c4653f79457cea63fab0693577c7ef4e7b612e13a0a0331a2d9a4ce9054a10cc2ced1e1bfec1425e5930540cab6a40cc9fbd531619994
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exeFilesize
72KB
MD5cdaf146de6ee817eb35044442a656f61
SHA120cd02cd53622a2a7d64ecd4e0af3267ac1b51bd
SHA256679390cb2e6eca8f8aa673d3756ac1dd0079db81de0a12d341ba7c4b210def76
SHA5121df4f615c2fc5c6d367ef6fb7f77e60dee637f8bacdf7a939c08a0d4d232bef7801d1d5e6199cd40decd0cf91a4fe894a476fd3b4cddb4b25a9c283679281c51
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exeFilesize
72KB
MD5cdaf146de6ee817eb35044442a656f61
SHA120cd02cd53622a2a7d64ecd4e0af3267ac1b51bd
SHA256679390cb2e6eca8f8aa673d3756ac1dd0079db81de0a12d341ba7c4b210def76
SHA5121df4f615c2fc5c6d367ef6fb7f77e60dee637f8bacdf7a939c08a0d4d232bef7801d1d5e6199cd40decd0cf91a4fe894a476fd3b4cddb4b25a9c283679281c51
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exeFilesize
72KB
MD5cdaf146de6ee817eb35044442a656f61
SHA120cd02cd53622a2a7d64ecd4e0af3267ac1b51bd
SHA256679390cb2e6eca8f8aa673d3756ac1dd0079db81de0a12d341ba7c4b210def76
SHA5121df4f615c2fc5c6d367ef6fb7f77e60dee637f8bacdf7a939c08a0d4d232bef7801d1d5e6199cd40decd0cf91a4fe894a476fd3b4cddb4b25a9c283679281c51
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exeFilesize
72KB
MD5cdaf146de6ee817eb35044442a656f61
SHA120cd02cd53622a2a7d64ecd4e0af3267ac1b51bd
SHA256679390cb2e6eca8f8aa673d3756ac1dd0079db81de0a12d341ba7c4b210def76
SHA5121df4f615c2fc5c6d367ef6fb7f77e60dee637f8bacdf7a939c08a0d4d232bef7801d1d5e6199cd40decd0cf91a4fe894a476fd3b4cddb4b25a9c283679281c51
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exeFilesize
72KB
MD5687dc03f19fd8f10ce345212e56069d5
SHA109019c3d593f20b8af07ef09b0c185cca552169d
SHA2560117f97a7318bbdf3f1126ff5c8285777c692cd5402b2200267e2e50252b6d83
SHA5121913b6d7982264878bc88dbfa29aef36f1186b267170026361b64278298e1364a200be471bc35ee7aecd716edc2b4e57257d3a2694e600ffc90a1502209ab272
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exeFilesize
72KB
MD5687dc03f19fd8f10ce345212e56069d5
SHA109019c3d593f20b8af07ef09b0c185cca552169d
SHA2560117f97a7318bbdf3f1126ff5c8285777c692cd5402b2200267e2e50252b6d83
SHA5121913b6d7982264878bc88dbfa29aef36f1186b267170026361b64278298e1364a200be471bc35ee7aecd716edc2b4e57257d3a2694e600ffc90a1502209ab272
-
C:\Program Files (x86)\Adobe\backup.exeFilesize
72KB
MD5bfe5aa7982e952c131f0e7e05af9c1f0
SHA1ef6323ebbef10f8d68710334b22183df9da5c8f7
SHA2568f62311341c2dd1328dc2d089bcfd11c871f14b28275ae098e524e33ea27fa6c
SHA5129c1f8a42774b35901627b06821c599be85408d9758899e7e86b15047d5e97a69471926833d2d69e14c825242cb4df005b7d2faee5a421c8cbbc8fad83e4846a9
-
C:\Program Files (x86)\Adobe\backup.exeFilesize
72KB
MD5bfe5aa7982e952c131f0e7e05af9c1f0
SHA1ef6323ebbef10f8d68710334b22183df9da5c8f7
SHA2568f62311341c2dd1328dc2d089bcfd11c871f14b28275ae098e524e33ea27fa6c
SHA5129c1f8a42774b35901627b06821c599be85408d9758899e7e86b15047d5e97a69471926833d2d69e14c825242cb4df005b7d2faee5a421c8cbbc8fad83e4846a9
-
C:\Program Files (x86)\backup.exeFilesize
72KB
MD59260dab143f1a1feb96357eaa4cadd68
SHA132156750ba337c01a9f571e71e42867546c3c300
SHA256bc1ece106ff277504094b4f448e9ca30b3b2b801e56c2f04e13530461ce02c31
SHA5124903e9f4ffc705d9080ebaaf68f3c639839632ef96ca284278e108b7b9cc60df7672e4cf4e19fc5de3cac1d79ae72217d20b36fa01e2a87bac69cbcadaaeba49
-
C:\Program Files (x86)\backup.exeFilesize
72KB
MD59260dab143f1a1feb96357eaa4cadd68
SHA132156750ba337c01a9f571e71e42867546c3c300
SHA256bc1ece106ff277504094b4f448e9ca30b3b2b801e56c2f04e13530461ce02c31
SHA5124903e9f4ffc705d9080ebaaf68f3c639839632ef96ca284278e108b7b9cc60df7672e4cf4e19fc5de3cac1d79ae72217d20b36fa01e2a87bac69cbcadaaeba49
-
C:\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD5526cf45901a979e14abaa67544062db5
SHA1dbaa7787cf2a5db759db270880024610d498c23d
SHA256dfc2ed77abf5679b41bdf551a3af89b99d4dc311179ccc535bb611a181b204a1
SHA51282d5ef8676638feb0c5d97bb058b23391f4487f87e8eb3c6568a925a79e5427e61080efb370f842e7df63699c2c5afea0245834f5c4a14c0601c7299e29cae66
-
C:\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD5526cf45901a979e14abaa67544062db5
SHA1dbaa7787cf2a5db759db270880024610d498c23d
SHA256dfc2ed77abf5679b41bdf551a3af89b99d4dc311179ccc535bb611a181b204a1
SHA51282d5ef8676638feb0c5d97bb058b23391f4487f87e8eb3c6568a925a79e5427e61080efb370f842e7df63699c2c5afea0245834f5c4a14c0601c7299e29cae66
-
C:\Program Files\7-Zip\update.exeFilesize
72KB
MD533a9cbda01ebe6f9da145c2d0c0c7a4f
SHA15307e78f87b3676a6366809f20afb8035ff26628
SHA2563c2dfaa1d19651fe24edc09aedebfa9809eb161cbcba8d5b2c9410fed1f51c22
SHA51242172630f723e2418de92ea4bb327d1e4d30cd3b718363ab6345a6c91d2eeda78693bd8051850e80bfa381369efeb5a2a6489e2f2f4c90ad0b5c92b92c38dbd1
-
C:\Program Files\7-Zip\update.exeFilesize
72KB
MD533a9cbda01ebe6f9da145c2d0c0c7a4f
SHA15307e78f87b3676a6366809f20afb8035ff26628
SHA2563c2dfaa1d19651fe24edc09aedebfa9809eb161cbcba8d5b2c9410fed1f51c22
SHA51242172630f723e2418de92ea4bb327d1e4d30cd3b718363ab6345a6c91d2eeda78693bd8051850e80bfa381369efeb5a2a6489e2f2f4c90ad0b5c92b92c38dbd1
-
C:\Program Files\Common Files\DESIGNER\backup.exeFilesize
72KB
MD5526cf45901a979e14abaa67544062db5
SHA1dbaa7787cf2a5db759db270880024610d498c23d
SHA256dfc2ed77abf5679b41bdf551a3af89b99d4dc311179ccc535bb611a181b204a1
SHA51282d5ef8676638feb0c5d97bb058b23391f4487f87e8eb3c6568a925a79e5427e61080efb370f842e7df63699c2c5afea0245834f5c4a14c0601c7299e29cae66
-
C:\Program Files\Common Files\DESIGNER\backup.exeFilesize
72KB
MD5526cf45901a979e14abaa67544062db5
SHA1dbaa7787cf2a5db759db270880024610d498c23d
SHA256dfc2ed77abf5679b41bdf551a3af89b99d4dc311179ccc535bb611a181b204a1
SHA51282d5ef8676638feb0c5d97bb058b23391f4487f87e8eb3c6568a925a79e5427e61080efb370f842e7df63699c2c5afea0245834f5c4a14c0601c7299e29cae66
-
C:\Program Files\Common Files\data.exeFilesize
72KB
MD533a9cbda01ebe6f9da145c2d0c0c7a4f
SHA15307e78f87b3676a6366809f20afb8035ff26628
SHA2563c2dfaa1d19651fe24edc09aedebfa9809eb161cbcba8d5b2c9410fed1f51c22
SHA51242172630f723e2418de92ea4bb327d1e4d30cd3b718363ab6345a6c91d2eeda78693bd8051850e80bfa381369efeb5a2a6489e2f2f4c90ad0b5c92b92c38dbd1
-
C:\Program Files\Common Files\data.exeFilesize
72KB
MD533a9cbda01ebe6f9da145c2d0c0c7a4f
SHA15307e78f87b3676a6366809f20afb8035ff26628
SHA2563c2dfaa1d19651fe24edc09aedebfa9809eb161cbcba8d5b2c9410fed1f51c22
SHA51242172630f723e2418de92ea4bb327d1e4d30cd3b718363ab6345a6c91d2eeda78693bd8051850e80bfa381369efeb5a2a6489e2f2f4c90ad0b5c92b92c38dbd1
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exeFilesize
72KB
MD58d7244d8804a5d09f8de7b9ad499e50b
SHA1f1bdc8822ddecd7f51c886a7e1cd1a0590500297
SHA2563e0e8e6b7abf2e0a7fe1ef6a7140c22f5e88c4d0efb778856e08289ccbb45814
SHA5128f4d5c56007503e35bf082e955a06cbd556626b1a1a841f7ae2a94e2a444ed0d07a7807b67568201c1b0f340c68204dc177a709d8dea23ff4feb44c906d84c67
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exeFilesize
72KB
MD58d7244d8804a5d09f8de7b9ad499e50b
SHA1f1bdc8822ddecd7f51c886a7e1cd1a0590500297
SHA2563e0e8e6b7abf2e0a7fe1ef6a7140c22f5e88c4d0efb778856e08289ccbb45814
SHA5128f4d5c56007503e35bf082e955a06cbd556626b1a1a841f7ae2a94e2a444ed0d07a7807b67568201c1b0f340c68204dc177a709d8dea23ff4feb44c906d84c67
-
C:\Program Files\Common Files\microsoft shared\backup.exeFilesize
72KB
MD5cadc0c232cf3243cf270b36b6b1d3ca7
SHA172e609ee2513b82799c3fe964e13397c3a9282b2
SHA25699a389fbd8c32bc83d718abfc1e45616c94c874e398a495c82bc420c0943974b
SHA512eb9d0395a7e62cc6e2b05baaeda22abfb69f6762ab84ad7f34bf6ed5bec05329ee23b6feef7ac1568c29bbd81f4145ebdf4e9afc885b04b19e1a78f64bd1bbee
-
C:\Program Files\Common Files\microsoft shared\backup.exeFilesize
72KB
MD5cadc0c232cf3243cf270b36b6b1d3ca7
SHA172e609ee2513b82799c3fe964e13397c3a9282b2
SHA25699a389fbd8c32bc83d718abfc1e45616c94c874e398a495c82bc420c0943974b
SHA512eb9d0395a7e62cc6e2b05baaeda22abfb69f6762ab84ad7f34bf6ed5bec05329ee23b6feef7ac1568c29bbd81f4145ebdf4e9afc885b04b19e1a78f64bd1bbee
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exeFilesize
72KB
MD589ac28307b810d05bbafd6453ae6f70f
SHA19da97e97648a808b1a36771804cb7efad3871132
SHA25637afa1d205f9747b37255570ba819832b708ee56a197857b0a7fd4be2c6084b0
SHA512b954d302fa758122e33801d5b702b3efec5947c9f77171a6eb1ecc38c64996819fe84586e85ac12757912cb4cedaaab727d84e327d6b915882ad69efc1f34607
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exeFilesize
72KB
MD589ac28307b810d05bbafd6453ae6f70f
SHA19da97e97648a808b1a36771804cb7efad3871132
SHA25637afa1d205f9747b37255570ba819832b708ee56a197857b0a7fd4be2c6084b0
SHA512b954d302fa758122e33801d5b702b3efec5947c9f77171a6eb1ecc38c64996819fe84586e85ac12757912cb4cedaaab727d84e327d6b915882ad69efc1f34607
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exeFilesize
72KB
MD58d7244d8804a5d09f8de7b9ad499e50b
SHA1f1bdc8822ddecd7f51c886a7e1cd1a0590500297
SHA2563e0e8e6b7abf2e0a7fe1ef6a7140c22f5e88c4d0efb778856e08289ccbb45814
SHA5128f4d5c56007503e35bf082e955a06cbd556626b1a1a841f7ae2a94e2a444ed0d07a7807b67568201c1b0f340c68204dc177a709d8dea23ff4feb44c906d84c67
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exeFilesize
72KB
MD58d7244d8804a5d09f8de7b9ad499e50b
SHA1f1bdc8822ddecd7f51c886a7e1cd1a0590500297
SHA2563e0e8e6b7abf2e0a7fe1ef6a7140c22f5e88c4d0efb778856e08289ccbb45814
SHA5128f4d5c56007503e35bf082e955a06cbd556626b1a1a841f7ae2a94e2a444ed0d07a7807b67568201c1b0f340c68204dc177a709d8dea23ff4feb44c906d84c67
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exeFilesize
72KB
MD526a18b51f726d5d439a65acec18c8e8c
SHA10fbaebef600c199e54e63ecba7806a52fca06926
SHA256f1fd70450cdbc5b4502d1fbe6f8404496bfb1462d63f6e005f9939702a1bff68
SHA512a4dcfc71a7357f9162fef529fff6700cf50f5db59b25a894d2c81384b2ddc167577ac5236abc4be02c50bbcc9207871598a65178bfc062e9b846a3dd1ea8e25b
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exeFilesize
72KB
MD526a18b51f726d5d439a65acec18c8e8c
SHA10fbaebef600c199e54e63ecba7806a52fca06926
SHA256f1fd70450cdbc5b4502d1fbe6f8404496bfb1462d63f6e005f9939702a1bff68
SHA512a4dcfc71a7357f9162fef529fff6700cf50f5db59b25a894d2c81384b2ddc167577ac5236abc4be02c50bbcc9207871598a65178bfc062e9b846a3dd1ea8e25b
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exeFilesize
72KB
MD526a18b51f726d5d439a65acec18c8e8c
SHA10fbaebef600c199e54e63ecba7806a52fca06926
SHA256f1fd70450cdbc5b4502d1fbe6f8404496bfb1462d63f6e005f9939702a1bff68
SHA512a4dcfc71a7357f9162fef529fff6700cf50f5db59b25a894d2c81384b2ddc167577ac5236abc4be02c50bbcc9207871598a65178bfc062e9b846a3dd1ea8e25b
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exeFilesize
72KB
MD526a18b51f726d5d439a65acec18c8e8c
SHA10fbaebef600c199e54e63ecba7806a52fca06926
SHA256f1fd70450cdbc5b4502d1fbe6f8404496bfb1462d63f6e005f9939702a1bff68
SHA512a4dcfc71a7357f9162fef529fff6700cf50f5db59b25a894d2c81384b2ddc167577ac5236abc4be02c50bbcc9207871598a65178bfc062e9b846a3dd1ea8e25b
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exeFilesize
72KB
MD526a18b51f726d5d439a65acec18c8e8c
SHA10fbaebef600c199e54e63ecba7806a52fca06926
SHA256f1fd70450cdbc5b4502d1fbe6f8404496bfb1462d63f6e005f9939702a1bff68
SHA512a4dcfc71a7357f9162fef529fff6700cf50f5db59b25a894d2c81384b2ddc167577ac5236abc4be02c50bbcc9207871598a65178bfc062e9b846a3dd1ea8e25b
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exeFilesize
72KB
MD526a18b51f726d5d439a65acec18c8e8c
SHA10fbaebef600c199e54e63ecba7806a52fca06926
SHA256f1fd70450cdbc5b4502d1fbe6f8404496bfb1462d63f6e005f9939702a1bff68
SHA512a4dcfc71a7357f9162fef529fff6700cf50f5db59b25a894d2c81384b2ddc167577ac5236abc4be02c50bbcc9207871598a65178bfc062e9b846a3dd1ea8e25b
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exeFilesize
72KB
MD526a18b51f726d5d439a65acec18c8e8c
SHA10fbaebef600c199e54e63ecba7806a52fca06926
SHA256f1fd70450cdbc5b4502d1fbe6f8404496bfb1462d63f6e005f9939702a1bff68
SHA512a4dcfc71a7357f9162fef529fff6700cf50f5db59b25a894d2c81384b2ddc167577ac5236abc4be02c50bbcc9207871598a65178bfc062e9b846a3dd1ea8e25b
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exeFilesize
72KB
MD526a18b51f726d5d439a65acec18c8e8c
SHA10fbaebef600c199e54e63ecba7806a52fca06926
SHA256f1fd70450cdbc5b4502d1fbe6f8404496bfb1462d63f6e005f9939702a1bff68
SHA512a4dcfc71a7357f9162fef529fff6700cf50f5db59b25a894d2c81384b2ddc167577ac5236abc4be02c50bbcc9207871598a65178bfc062e9b846a3dd1ea8e25b
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exeFilesize
72KB
MD5231bca1e0955fab5274a3fbda54b5247
SHA15d3c0c815650ca1524754f414e325b60c2cb3e93
SHA25699a85f7deec5bae3cfb6a7f309bf87c958ebca40815ca3c8c5f2ed2a646b607b
SHA512a3d909fad2f3b0d4c317073c9a8b9bed904250119e8f10474b94951106126de6e17b4b9b4e4abe8a747054afcf0c1be26b09c4d64dd42412080814eb8108645a
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exeFilesize
72KB
MD5231bca1e0955fab5274a3fbda54b5247
SHA15d3c0c815650ca1524754f414e325b60c2cb3e93
SHA25699a85f7deec5bae3cfb6a7f309bf87c958ebca40815ca3c8c5f2ed2a646b607b
SHA512a3d909fad2f3b0d4c317073c9a8b9bed904250119e8f10474b94951106126de6e17b4b9b4e4abe8a747054afcf0c1be26b09c4d64dd42412080814eb8108645a
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exeFilesize
72KB
MD5231bca1e0955fab5274a3fbda54b5247
SHA15d3c0c815650ca1524754f414e325b60c2cb3e93
SHA25699a85f7deec5bae3cfb6a7f309bf87c958ebca40815ca3c8c5f2ed2a646b607b
SHA512a3d909fad2f3b0d4c317073c9a8b9bed904250119e8f10474b94951106126de6e17b4b9b4e4abe8a747054afcf0c1be26b09c4d64dd42412080814eb8108645a
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exeFilesize
72KB
MD5231bca1e0955fab5274a3fbda54b5247
SHA15d3c0c815650ca1524754f414e325b60c2cb3e93
SHA25699a85f7deec5bae3cfb6a7f309bf87c958ebca40815ca3c8c5f2ed2a646b607b
SHA512a3d909fad2f3b0d4c317073c9a8b9bed904250119e8f10474b94951106126de6e17b4b9b4e4abe8a747054afcf0c1be26b09c4d64dd42412080814eb8108645a
-
C:\Program Files\Google\Chrome\backup.exeFilesize
72KB
MD522ef018587bd485f0c803b0dd16f099e
SHA1bf8bb74be018044a839d39b5ae86d2188f5c0ccd
SHA2561fb73273e075148ba1a3fb2bbc6f7e5f1ddbcad01686abaccfa2867c6df958ad
SHA5123cb6cbc20b8fde22b6032b41b8c05e38f2fb7b265cf6912641bde0e823e571803fa4e8bb0cf8acbdf70fba1db1063e29890bf12eec846e747eff5914499583e6
-
C:\Program Files\Google\Chrome\backup.exeFilesize
72KB
MD522ef018587bd485f0c803b0dd16f099e
SHA1bf8bb74be018044a839d39b5ae86d2188f5c0ccd
SHA2561fb73273e075148ba1a3fb2bbc6f7e5f1ddbcad01686abaccfa2867c6df958ad
SHA5123cb6cbc20b8fde22b6032b41b8c05e38f2fb7b265cf6912641bde0e823e571803fa4e8bb0cf8acbdf70fba1db1063e29890bf12eec846e747eff5914499583e6
-
C:\Program Files\Google\backup.exeFilesize
72KB
MD53be941322ca70c5688f3d5a2a911f6ba
SHA116575e241d9fd2fb74ad05e840e0e2b187468071
SHA2562b18bf506140c8a723f1343d7d5de94290033a43dbdd962fd221c1027d9cdb3e
SHA51240eea9c501ecfe7bf84e9d19e00b8bcc2bbe74d027129ebe89ceb91796939c9d173ea2842ef58f267bf27bb28a4159ca12437bd2705525978e8918b325d48be9
-
C:\Program Files\Google\backup.exeFilesize
72KB
MD53be941322ca70c5688f3d5a2a911f6ba
SHA116575e241d9fd2fb74ad05e840e0e2b187468071
SHA2562b18bf506140c8a723f1343d7d5de94290033a43dbdd962fd221c1027d9cdb3e
SHA51240eea9c501ecfe7bf84e9d19e00b8bcc2bbe74d027129ebe89ceb91796939c9d173ea2842ef58f267bf27bb28a4159ca12437bd2705525978e8918b325d48be9
-
C:\Program Files\backup.exeFilesize
72KB
MD574654e6010107ace936448b0fa06d4f1
SHA1a112242f07da3cd8df4d11276866e04e3e504f4a
SHA25615c70d76a53cdce4e6edc0d0a9c536cd3ade57748148ef5542673fdabbc3a296
SHA512aede7e7c90e30751dd55855d0d5c166e0d790f38b4fead5337c2b6b326921b1fa434c33d2d7f433be555f36489ff4a21acd3314f2a9755abd077c45b034c6f66
-
C:\Program Files\backup.exeFilesize
72KB
MD574654e6010107ace936448b0fa06d4f1
SHA1a112242f07da3cd8df4d11276866e04e3e504f4a
SHA25615c70d76a53cdce4e6edc0d0a9c536cd3ade57748148ef5542673fdabbc3a296
SHA512aede7e7c90e30751dd55855d0d5c166e0d790f38b4fead5337c2b6b326921b1fa434c33d2d7f433be555f36489ff4a21acd3314f2a9755abd077c45b034c6f66
-
C:\Users\Admin\AppData\Local\Temp\1928051653\backup.exeFilesize
72KB
MD51e9bec51d8dfcb9fb708f4b762a44ae7
SHA1b50fd54a7da52ac8002eef8cd8aeec2612cafad0
SHA256b4ed89913ead99449499cc54eaebc4eeb588ee01097ec830b55d02d470cf8935
SHA51254c993d7fddcf10c5490c6c1793019be1c586f0895a3d9922e26d0c8a3eb41b0e818b1c057592699e3366beb05ccd3138e9a50a69575b317f38b5afea548b9b7
-
C:\Users\Admin\AppData\Local\Temp\1928051653\backup.exeFilesize
72KB
MD51e9bec51d8dfcb9fb708f4b762a44ae7
SHA1b50fd54a7da52ac8002eef8cd8aeec2612cafad0
SHA256b4ed89913ead99449499cc54eaebc4eeb588ee01097ec830b55d02d470cf8935
SHA51254c993d7fddcf10c5490c6c1793019be1c586f0895a3d9922e26d0c8a3eb41b0e818b1c057592699e3366beb05ccd3138e9a50a69575b317f38b5afea548b9b7
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeFilesize
72KB
MD53aaa1ffa276b082ddfa14a8209084ca7
SHA1b0652f2102331630e85f20a726906e3de4efdab1
SHA256c645aa836ae6294ba4dcc28050c4678e29fe5e17bee579cb7e9cafcea2cb65e4
SHA5120589244a59d7c38ff527dca81164555b0b5f3bb8568ee238ccdd8b6703e875e2d8c4ea1d7ca02b80b159f609fff0b2af7bec9da29e2a02090a1f08b324abc514
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeFilesize
72KB
MD53aaa1ffa276b082ddfa14a8209084ca7
SHA1b0652f2102331630e85f20a726906e3de4efdab1
SHA256c645aa836ae6294ba4dcc28050c4678e29fe5e17bee579cb7e9cafcea2cb65e4
SHA5120589244a59d7c38ff527dca81164555b0b5f3bb8568ee238ccdd8b6703e875e2d8c4ea1d7ca02b80b159f609fff0b2af7bec9da29e2a02090a1f08b324abc514
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD53aaa1ffa276b082ddfa14a8209084ca7
SHA1b0652f2102331630e85f20a726906e3de4efdab1
SHA256c645aa836ae6294ba4dcc28050c4678e29fe5e17bee579cb7e9cafcea2cb65e4
SHA5120589244a59d7c38ff527dca81164555b0b5f3bb8568ee238ccdd8b6703e875e2d8c4ea1d7ca02b80b159f609fff0b2af7bec9da29e2a02090a1f08b324abc514
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD53aaa1ffa276b082ddfa14a8209084ca7
SHA1b0652f2102331630e85f20a726906e3de4efdab1
SHA256c645aa836ae6294ba4dcc28050c4678e29fe5e17bee579cb7e9cafcea2cb65e4
SHA5120589244a59d7c38ff527dca81164555b0b5f3bb8568ee238ccdd8b6703e875e2d8c4ea1d7ca02b80b159f609fff0b2af7bec9da29e2a02090a1f08b324abc514
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD53aaa1ffa276b082ddfa14a8209084ca7
SHA1b0652f2102331630e85f20a726906e3de4efdab1
SHA256c645aa836ae6294ba4dcc28050c4678e29fe5e17bee579cb7e9cafcea2cb65e4
SHA5120589244a59d7c38ff527dca81164555b0b5f3bb8568ee238ccdd8b6703e875e2d8c4ea1d7ca02b80b159f609fff0b2af7bec9da29e2a02090a1f08b324abc514
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD53aaa1ffa276b082ddfa14a8209084ca7
SHA1b0652f2102331630e85f20a726906e3de4efdab1
SHA256c645aa836ae6294ba4dcc28050c4678e29fe5e17bee579cb7e9cafcea2cb65e4
SHA5120589244a59d7c38ff527dca81164555b0b5f3bb8568ee238ccdd8b6703e875e2d8c4ea1d7ca02b80b159f609fff0b2af7bec9da29e2a02090a1f08b324abc514
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\System Restore.exeFilesize
72KB
MD53aaa1ffa276b082ddfa14a8209084ca7
SHA1b0652f2102331630e85f20a726906e3de4efdab1
SHA256c645aa836ae6294ba4dcc28050c4678e29fe5e17bee579cb7e9cafcea2cb65e4
SHA5120589244a59d7c38ff527dca81164555b0b5f3bb8568ee238ccdd8b6703e875e2d8c4ea1d7ca02b80b159f609fff0b2af7bec9da29e2a02090a1f08b324abc514
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\System Restore.exeFilesize
72KB
MD53aaa1ffa276b082ddfa14a8209084ca7
SHA1b0652f2102331630e85f20a726906e3de4efdab1
SHA256c645aa836ae6294ba4dcc28050c4678e29fe5e17bee579cb7e9cafcea2cb65e4
SHA5120589244a59d7c38ff527dca81164555b0b5f3bb8568ee238ccdd8b6703e875e2d8c4ea1d7ca02b80b159f609fff0b2af7bec9da29e2a02090a1f08b324abc514
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeFilesize
72KB
MD53aaa1ffa276b082ddfa14a8209084ca7
SHA1b0652f2102331630e85f20a726906e3de4efdab1
SHA256c645aa836ae6294ba4dcc28050c4678e29fe5e17bee579cb7e9cafcea2cb65e4
SHA5120589244a59d7c38ff527dca81164555b0b5f3bb8568ee238ccdd8b6703e875e2d8c4ea1d7ca02b80b159f609fff0b2af7bec9da29e2a02090a1f08b324abc514
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeFilesize
72KB
MD53aaa1ffa276b082ddfa14a8209084ca7
SHA1b0652f2102331630e85f20a726906e3de4efdab1
SHA256c645aa836ae6294ba4dcc28050c4678e29fe5e17bee579cb7e9cafcea2cb65e4
SHA5120589244a59d7c38ff527dca81164555b0b5f3bb8568ee238ccdd8b6703e875e2d8c4ea1d7ca02b80b159f609fff0b2af7bec9da29e2a02090a1f08b324abc514
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\System Restore.exeFilesize
72KB
MD53aaa1ffa276b082ddfa14a8209084ca7
SHA1b0652f2102331630e85f20a726906e3de4efdab1
SHA256c645aa836ae6294ba4dcc28050c4678e29fe5e17bee579cb7e9cafcea2cb65e4
SHA5120589244a59d7c38ff527dca81164555b0b5f3bb8568ee238ccdd8b6703e875e2d8c4ea1d7ca02b80b159f609fff0b2af7bec9da29e2a02090a1f08b324abc514
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\System Restore.exeFilesize
72KB
MD53aaa1ffa276b082ddfa14a8209084ca7
SHA1b0652f2102331630e85f20a726906e3de4efdab1
SHA256c645aa836ae6294ba4dcc28050c4678e29fe5e17bee579cb7e9cafcea2cb65e4
SHA5120589244a59d7c38ff527dca81164555b0b5f3bb8568ee238ccdd8b6703e875e2d8c4ea1d7ca02b80b159f609fff0b2af7bec9da29e2a02090a1f08b324abc514
-
C:\backup.exeFilesize
72KB
MD5e70dcd27b21ad497809917af1ef2ff8f
SHA1c531bde0d662e8c1f32a43bea6808e110fe1f50a
SHA256335a7076d4efffd8792e172e7617750a2bc8f0e486597ba69dcb1dd75df886d6
SHA512e5b5b2902ada75a61e88308cb57075cba14f4044a54957b0566a4f0c0c73d0594d1317f29543f8caeb945685022816f5ba83e36ce6abe04409930864da4ec66d
-
C:\backup.exeFilesize
72KB
MD5e70dcd27b21ad497809917af1ef2ff8f
SHA1c531bde0d662e8c1f32a43bea6808e110fe1f50a
SHA256335a7076d4efffd8792e172e7617750a2bc8f0e486597ba69dcb1dd75df886d6
SHA512e5b5b2902ada75a61e88308cb57075cba14f4044a54957b0566a4f0c0c73d0594d1317f29543f8caeb945685022816f5ba83e36ce6abe04409930864da4ec66d
-
C:\odt\backup.exeFilesize
72KB
MD5515e73e88cb8f8b4b9c4a814b90d888e
SHA1027bfc9de89cc3c43a18f3deade62e608e01bf59
SHA256be8c8715b900d43db1da4d3724c3a4ba370d6778336650c0f15a6a62187c053d
SHA5129a3fa0bbed537b56ef9c4653f79457cea63fab0693577c7ef4e7b612e13a0a0331a2d9a4ce9054a10cc2ced1e1bfec1425e5930540cab6a40cc9fbd531619994
-
C:\odt\backup.exeFilesize
72KB
MD5515e73e88cb8f8b4b9c4a814b90d888e
SHA1027bfc9de89cc3c43a18f3deade62e608e01bf59
SHA256be8c8715b900d43db1da4d3724c3a4ba370d6778336650c0f15a6a62187c053d
SHA5129a3fa0bbed537b56ef9c4653f79457cea63fab0693577c7ef4e7b612e13a0a0331a2d9a4ce9054a10cc2ced1e1bfec1425e5930540cab6a40cc9fbd531619994
-
memory/240-307-0x0000000000000000-mapping.dmp
-
memory/404-199-0x0000000000000000-mapping.dmp
-
memory/440-335-0x0000000000000000-mapping.dmp
-
memory/876-169-0x0000000000000000-mapping.dmp
-
memory/1152-345-0x0000000000000000-mapping.dmp
-
memory/1160-381-0x0000000000000000-mapping.dmp
-
memory/1244-244-0x0000000000000000-mapping.dmp
-
memory/1384-315-0x0000000000000000-mapping.dmp
-
memory/1412-276-0x0000000000000000-mapping.dmp
-
memory/1464-375-0x0000000000000000-mapping.dmp
-
memory/1504-364-0x0000000000000000-mapping.dmp
-
memory/1616-184-0x0000000000000000-mapping.dmp
-
memory/1632-274-0x0000000000000000-mapping.dmp
-
memory/1700-267-0x0000000000000000-mapping.dmp
-
memory/1704-239-0x0000000000000000-mapping.dmp
-
memory/1800-330-0x0000000000000000-mapping.dmp
-
memory/1852-234-0x0000000000000000-mapping.dmp
-
memory/1868-289-0x0000000000000000-mapping.dmp
-
memory/1984-293-0x0000000000000000-mapping.dmp
-
memory/2296-254-0x0000000000000000-mapping.dmp
-
memory/2400-386-0x0000000000000000-mapping.dmp
-
memory/2404-260-0x0000000000000000-mapping.dmp
-
memory/2436-194-0x0000000000000000-mapping.dmp
-
memory/2500-316-0x0000000000000000-mapping.dmp
-
memory/2540-323-0x0000000000000000-mapping.dmp
-
memory/2568-154-0x0000000000000000-mapping.dmp
-
memory/2712-134-0x0000000000000000-mapping.dmp
-
memory/2756-281-0x0000000000000000-mapping.dmp
-
memory/2804-339-0x0000000000000000-mapping.dmp
-
memory/2856-144-0x0000000000000000-mapping.dmp
-
memory/2868-189-0x0000000000000000-mapping.dmp
-
memory/2892-355-0x0000000000000000-mapping.dmp
-
memory/2900-219-0x0000000000000000-mapping.dmp
-
memory/2920-174-0x0000000000000000-mapping.dmp
-
memory/2948-298-0x0000000000000000-mapping.dmp
-
memory/2976-321-0x0000000000000000-mapping.dmp
-
memory/2976-159-0x0000000000000000-mapping.dmp
-
memory/3232-179-0x0000000000000000-mapping.dmp
-
memory/3264-294-0x0000000000000000-mapping.dmp
-
memory/3376-333-0x0000000000000000-mapping.dmp
-
memory/3600-139-0x0000000000000000-mapping.dmp
-
memory/3616-324-0x0000000000000000-mapping.dmp
-
memory/3708-378-0x0000000000000000-mapping.dmp
-
memory/3760-334-0x0000000000000000-mapping.dmp
-
memory/3780-306-0x0000000000000000-mapping.dmp
-
memory/3812-346-0x0000000000000000-mapping.dmp
-
memory/3972-365-0x0000000000000000-mapping.dmp
-
memory/4024-224-0x0000000000000000-mapping.dmp
-
memory/4076-354-0x0000000000000000-mapping.dmp
-
memory/4152-308-0x0000000000000000-mapping.dmp
-
memory/4232-372-0x0000000000000000-mapping.dmp
-
memory/4276-204-0x0000000000000000-mapping.dmp
-
memory/4352-164-0x0000000000000000-mapping.dmp
-
memory/4400-214-0x0000000000000000-mapping.dmp
-
memory/4420-387-0x0000000000000000-mapping.dmp
-
memory/4436-259-0x0000000000000000-mapping.dmp
-
memory/4444-347-0x0000000000000000-mapping.dmp
-
memory/4688-149-0x0000000000000000-mapping.dmp
-
memory/4720-209-0x0000000000000000-mapping.dmp
-
memory/4760-356-0x0000000000000000-mapping.dmp
-
memory/4796-299-0x0000000000000000-mapping.dmp
-
memory/4860-245-0x0000000000000000-mapping.dmp
-
memory/4888-363-0x0000000000000000-mapping.dmp
-
memory/4900-229-0x0000000000000000-mapping.dmp